February 11, 2004 11:08 AM PST
Anti-spyware vendors come under fire
In a complaint filed with the Federal Trade Commission, the Center for Democracy and Technology (CDT) said software developer Mail Wiper and its marketing affiliate Seismic Entertainment Productions have misled consumers in promotions for anti-spyware software.
A public interest group has complained to the FTC about "deceptive" marketing practices by some anti-spyware companies, saying they try to scare people into buying their products.
The complaint may serve to heighten official scrutiny of companies that appear to be preying on consumers' growing fears of spyware, adware and other software surreptitiously installed on consumer PCs to serve up ads or monitor online behavior.
The Washington, D.C.-based privacy rights group asked regulators to launch an investigation of Mail Wiper, which produces a product called "Spy Wiper," and Seismic. It wants them to block the companies from using deceptive advertising practices or "home-page hijacking" techniques in the future, according to the complaint.
"It is especially important that the Commission act in this case because there is evidence that a variety of other companies claiming to market 'anti-spyware' software may have begun deploying advertising strategies similar to that used to advertise for Spy Wiper," the group wrote in its filed complaint. "The potential of the Internet will be substantially harmed, if users come to believe that they cannot use the World Wide Web without being subjected to deceptive advertising or be at risk of having the settings on their computers repeatedly changed by the sites they visit."
The charges come amid a rise in complaints about alleged unethical advertising tactics among anti-spyware companies, with some recent incidents going considerably beyond deceptive marketing. A CNET News.com investigation last week found evidence of "anti-spyware" products that actually installed software widely viewed as spyware, without giving any notice.
Spyban, a company highlighted in that article, has now ceased distribution of its anti-spyware software through its Web site and through Download.com, a software aggregation site owned by News.com publisher CNET Networks. More than 43,000 people have downloaded the software over the past four months, according to Download.com, despite posted warnings about bundled software.
Wednesday's complaint may serve to heighten official scrutiny of companies that appear to be preying on consumers' growing fears of "spyware," "adware" and other software surreptitiously installed on consumer PCs to serve up advertisements or quietly monitor online behavior. Regulators have spoken on the issue, and presidential candidate Sen. John Edwards, D-N.C., introduced anti-spyware legislation in 2001, but little official action has been taken.
According to the CDT's complaint, the advertising and distribution process for Mail Wiper's Spy Wiper software relied in large part on frightening consumers with unsupported claims, and may have involved changing people's home page without permission.
CDT investigators said they downloaded source code from Spy Wiper ads distributed by Seismic, which operates a Web site called "Default-homepage-network.com." According to the complaint, code contained in those ads warned of spyware attacks signaled by unusual activity such as the opening and shutting of computer CD-ROM drives. But CDT said the ads themselves triggered the suspicious activity.
CDT also alleges that Seismic distributed ads for products and services that launch a series of pop-up windows that ultimately lead back to promotions for Spy Wiper. After viewing those ads, CDT testers said home-page settings on their browsers had changed to default-homepage-network.com.
The CDT complaint raises new questions about how much responsibility software companies must take for the promotion of their products through third-party affiliates, a common practice on the Web. Confronted with evidence of controversial marketing practices by partner Seismic, Mail Wiper claimed ignorance, telling the CDT that it was not aware of and did not condone any irresponsible behavior that its affiliates might be engaged in, according to the filing.
Nevertheless, the CDT decided to file a complaint against both companies, in part reacting to numerous protests from consumers.
"The question is how much Mail Wiper knew and when they knew it," said Ari Schwartz, associate director of the CDT. "It seems to us that they should have known who the affiliate was that people were complaining about and help people get their computers fixed."
Executives for Mail Wiper could not immediately be reached for comment.
A representative for Seismic declined to comment on the specifics of the complaint. "We feel that everything we are doing is within the boundaries of the law," he said. "We feel the complaint is not accurate."
On the front page of its default-homepage-network.com Web site, Seismic contends that a third company has been taking control of computers and pointing them at that site without its permission. It also says that its business involves reconfiguring the home page in people's browser software.
Advertising by affiliate
Mail Wiper isn't the only company whose marketing methods have come under fire from skeptical online users. Increasingly over the past few months, anti-spyware products have become a staple of unsolicited advertising e-mails, often sent by affiliates of a software developer rather than the developer itself.
Links to one such product, dubbed "Spyware Nuker," appeared in several unsolicited e-mail messages to CNET News.com last month. The software is a product of Trek8, a software developer that also sells pop-up ad blockers and that is developing an antispam tool, according to its Web site.
Cody Cacares, Trek8's head of customer service, said he was unfamiliar with all of the practices of the company's e-mail marketing affiliates.
Spyware Nuker has raised eyebrows among some spyware watchers for its license agreement, in which it reserves the right to make any automatic updates in the future, "including but not limited to...advertising or other value-added software."
Cacares called the advertising reference in the license agreement "legal language," and said the software would not download anything that the user did not approve. "We wouldn't purposefully install any other program that is not related to our program, or send files that have any advertising links onto anybody else's computer," he said. "It doesn't download anything without your consent."
A CNET News.com test of Spyware Nuker last week found that the software did detect some common advertising components. In addition, the installation did not appear to include any bundled advertising software along with it.
Another product, SpyHunter from Enigma Software Group, has also shown up in e-mail advertisements in recent weeks. These e-mails were sent by affiliates, including a company going by the name "Kazaa Gold." Neither Enigma nor its affiliate returned calls requesting comment.